Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Set close-on-exec flagas to avoid FD leaks to subprocesses #220

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Set close-on-exec flagas to avoid FD leaks to subprocesses #220

wants to merge 3 commits into from

Commits on Dec 1, 2022

  1. epoll: avoid fd leaks to child processes by using epoll_create1. 

    There is no use case in which one would need to share libdill's epoll
file descriptor with a child process. Even if it was innocuous, it makes
automated checking difficult as one has to consider this special case.

Since libdill does not provide access to the internal epoll fd, the only
way to fix this is to change the source code itself.
    @jcarrano
    jcarrano committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    261a143 View commit details
    Browse the repository at this point in the history

  2. Set close-on-exec on new sockets created through accept(...) 

    This is necessary to avoid leaking file descriptors to child processes.

The implementation tries to use accept4 when available, since that sets the
flag atomically with the creation of the connected socket, and falls back
to accept()+fcntl if not.
    @jcarrano
    jcarrano committed Dec 1, 2022
    Configuration menu
    Copy the full SHA
    2ed6afb View commit details
    Browse the repository at this point in the history

Commits on Dec 2, 2022

  1. dill_fd_own: preserve fd-flags (CLOEXEC) after dup. 

    The IPC and TPC subsystems call dill_fd_own which does not preserve the
file descriptor flags. This means that even if the user creates the sockets
with the proper flags, when they use "fromfd" the file descriptors will still be
leaked to child processes.

The implementation tries to use F_DUPFD_CLOEXEC if available.
    @jcarrano
    jcarrano committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    acf0c50 View commit details
    Browse the repository at this point in the history